Cveclient Cveinterface Js
Monthly
Cross-site scripting (XSS) vulnerability in CERT/CC cveClient cveInterface.js prior to version 1.0.24 allows injection of arbitrary HTML through untrusted CVE API service input. The vulnerability stems from insufficient input validation, enabling attackers to inject malicious scripts that execute in the context of users viewing CVE data. No CVSS score or exploitation data is available, limiting quantitative risk assessment; however, the attack vector is network-based and requires no authentication.
Cross-site scripting (XSS) vulnerability in CERT/CC cveClient cveInterface.js prior to version 1.0.24 allows injection of arbitrary HTML through untrusted CVE API service input. The vulnerability stems from insufficient input validation, enabling attackers to inject malicious scripts that execute in the context of users viewing CVE data. No CVSS score or exploitation data is available, limiting quantitative risk assessment; however, the attack vector is network-based and requires no authentication.